Document reserved uids/guids used by OpenStack
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openstack-manuals |
Fix Released
|
Wishlist
|
Andreas Jaeger |
Bug Description
After discussion on the list, it was decided to place them in getstart.xml, now in /common. Per Anne, don't use conditional markups, so perhaps a distribution-
RHEL example:
keystone:
glance:
cinder:
nova:x:
Plus neutron, swift, ceilometer, heat?
And if we're including info for third-party glue, then possibly:
mysql:x:27:27:MySQL Server:
qpidd:x:
nagios:
Changed in openstack-manuals: | |
status: | New → Confirmed |
importance: | Undecided → Wishlist |
milestone: | none → havana |
Changed in openstack-manuals: | |
assignee: | nobody → Andreas Jaeger (jaegerandi) |
Additional notes: Sometimes organizations assign UIDs/GIDs in the reserved range (currently 0-500 in RHEL) to other third party software or systems. As a result when installing software that requires one or more UIDs/GIDs, administrators are interested in knowing what they are so they can change them (or those of existing systems if necessary). It may also come up via a security audit.
So, because OpenStack appears to reserve a number of UIDs/GIDs in a typical deployment, this theoretically increases the chances of clashing with something else installed at a specific site.
Hence, needing to know the numbers, and here are the rest of OpenStack gids that I can see for RHEL doc/setup- <version> /uidgid shows reserved) x:164:164: OpenStack Quantum Daemons: /var/lib/ neutron: /sbin/nologin x:184:495: MongoDB Database Server: /var/lib/ mongodb: /sbin/nologin x:497:496: Memcached daemon: /var/run/ memcached: /sbin/nologin x:166:166: OpenStack ceilometer Daemons: /var/lib/ ceilometer: /sbin/nologin 187:187: OpenStack Heat Daemons: /var/lib/ heat:/sbin/ nologin 160:160: OpenStack Swift Daemons: /var/lib/ swift:/ sbin/nologin
(/etc/password shows installed, /usr/share/
neutron:
mongodb:
memcached:
ceilometer:
heat:x:
swift:x;
Probably best to start non-reserved gids at something higher then 1000, perhaps 5000 is a good best-practice strategy.